Information About Native Profiling
You can profile devices based on HTTP and DHCP to identify the end devices on the network. You can configure device-based policies and enforce these policies per user or per device policy on the network.
Policies allow profiling of mobile devices and basic onboarding of the profiled devices to a specific VLAN. They also assign ACL and QoS or configure session timeouts.
The policies are defined based on the following attributes:
-
User group or user role
-
Device type such as Windows clients, smartphones, tablets, and so on
-
Service Set Identifier (SSID)
-
Location, based on the access point group that the end point is connected to
-
Time of the day
-
Extensible Authentication Protocol (EAP) type, to check what EAP method that the client is getting connected to
When a wireless client joins an access point, certain QoS policies get enforced on the access point. One such feature is the native profiling for both upstream and downstream traffic at AP. The native profiling feature when clubbed with AAA override supports specific set of policies based on the time of day and day of week. The AAA override then applies these policies coming from a RADIUS server to the access point.
Let’s consider a use case of time of the day in conjunction with user role. Usually, the user role is used as an extra matching criteria along with the time of day. You can club the time of day usage with any matching criteria to get the desired result. The matching will be performed when the client joins the controller .
You can configure policies as two separate components:
-
Defining policy attributes as service templates that are specific to clients joining the network and applying policy match criteria
-
Applying match criteria to the policy.
Note |
Before proceeding with the native profile configuration, ensure that HTTP Profiling and DHCP Profiling are enabled. |
Note |
Native profiling is not supported with FlexConnect Local Authentication and Local Switching. Hence, do not configure no central switching, no central authentication, and subscriber-policy-name name commands together. ISSU will fail for this type of configuration. Ensure that you remove the configuration before attempting ISSU. |
To configure Native Profiling, use one of the following procedures:
-
Create a service template
-
Create a class map
Note
You can apply a service template using either a class map or parameter map.
-
Create a parameter-map and associate the service template to parameter-map
-
Create a policy map
-
If class-map has to be used: Associate the class-map to the policy-map and associate the service-template to the class-map.
-
If parameter-map has to be used: Associate the parameter-map to the policy-map
-
-
Associate the policy-map to the policy profile.
-